By providing Occlum PAL as a shared library, it is now possible to embed and use Occlum in a user-controlled process (instead of an Occlum-controlled one). The APIs of Occlum PAL can be found in `src/pal/include/occlum_pal_api.h`. The Occlum PAL library, namely `libocclum-pal.so`, can be found in `.occlum/build/lib`. To use the library, check out the source code of `occlum-run` (under `src/run`), which can be seen as sample code for using the Occlum PAL library.
		
			
				
	
	
		
#!/bin/bash
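# Directory the script was invoked from. The functions below cd back here, so
# relative argument paths and the generated outputs are resolved against it.
working_dir="$(pwd)"
# Directory that contains this script.
this_dir="$( cd "$( dirname "${BASH_SOURCE[0]}"  )" >/dev/null 2>&1 && pwd )"
# dirname drops the last "../" component, so this resolves to two levels
# above this_dir.
project_dir="$( cd "$( dirname "$this_dir/../../../"  )" >/dev/null 2>&1 && pwd )"

# Location of the Intel SGX SDK; can be overridden from the environment.
SGX_SDK="${SGX_SDK:-/opt/intel/sgxsdk}"

# Positional arguments, in the order given by the usage text:
# Occlum.json, Enclave.xml, Enclave.pem.
occlum_conf_json_path=$1
enclave_conf_xml_path=$2
# Private key later handed to sgx_sign.
enclave_key_pem_path=$3
# The operand is quoted and preceded by "--" so that a path containing
# whitespace, glob characters or a leading dash reaches basename as one operand.
protected_occlum_conf_json_path="$(basename -- "$occlum_conf_json_path").protected"

occlum_conf_file_mac=
occlum_user_space_size=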
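# Print an argument error followed by the usage line.
# Arguments: $1 - error message to show
# Outputs:   the message, a blank line and the usage text, all on stdout
report_arg_error() {
    # Quoted and printed through a fixed format so the message is shown
    # verbatim: no word splitting, no glob expansion, and a message such as
    # "-n" is not taken as an echo option.
    printf '%s\n' "$1"
    echo ""
    echo "Usage: occlum-build-enclave Occlum.json Enclave.xml Enclave.pem"
}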
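# Run the protect-integrity tool in "protect" mode on the Occlum config file.
# Globals:   working_dir, project_dir, occlum_conf_json_path (read)
# Returns:   the status of cd, or of the protect-integrity tool
# NOTE(review): the caller reports "<basename>.protected" as the generated
# file afterwards, so the tool presumably writes it into working_dir - confirm.
protect_occlum_json() {
    # Stop here if the directory is gone rather than running the tool elsewhere.
    cd "$working_dir" || return
    # The path is quoted so a name with spaces stays a single argument.
    "$project_dir/tools/bin/protect-integrity" protect "$occlum_conf_json_path"
}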
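# Print the MAC of the protected Occlum config file.
# Globals:   working_dir, project_dir, protected_occlum_conf_json_path (read)
# Outputs:   whatever "protect-integrity show-mac" prints, on stdout
# Returns:   the status of cd, or of the protect-integrity tool
# The caller captures this output in a command substitution, where bash does
# not apply errexit; callers should check for a non-zero status or empty output.
print_occlum_conf_file_mac() {
    # Stop here if the directory is gone rather than reading a same-named file
    # from some other directory.
    cd "$working_dir" || return
    "$project_dir/tools/bin/protect-integrity" show-mac "$protected_occlum_conf_json_path"
}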
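# Print vm.user_space_size from the Occlum config file as a plain byte count.
# Globals:   working_dir, occlum_conf_json_path (read)
# Outputs:   the size in bytes on stdout; error messages on stderr
# Returns:   0 on success, non-zero if the value cannot be read or converted
print_occlum_user_space_size() {
    cd "$working_dir" || return

    # Prefer python3 and fall back to python; the expression below is valid
    # in both Python 2 and Python 3 (the original print statement was not).
    local python_bin
    python_bin=$(command -v python3 || command -v python) || {
        echo "Error: no python interpreter found to parse $occlum_conf_json_path" >&2
        return 1
    }

    # Declaration and assignment are separate so a parse failure is not
    # hidden behind the exit status of 'local'.
    local size_with_unit
    size_with_unit=$("$python_bin" -c \
        "import sys, json; print(json.load(sys.stdin)['vm']['user_space_size'])" \
        < "$occlum_conf_json_path") || return

    if [[ -z $size_with_unit ]]; then
        echo "Error: vm.user_space_size is empty in $occlum_conf_json_path" >&2
        return 1
    fi

    # Drop the last character before handing the value to numfmt
    # (presumably the trailing "B" of a size such as "256MB" - confirm).
    numfmt --from=iec "${size_with_unit%?}"
}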
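# Rebuild the LibOS shared object under src/libos.
# Globals:   project_dir (read)
# Returns:   non-zero if the directory cannot be entered; otherwise the
#            status of the final make
# NOTE(review): the caller exports OCCLUM_BUILTIN_* just before calling this,
# so the build presumably reads them - confirm against the libos Makefile.
build_enclave_so() {
    # Never run make in whatever directory happens to be current.
    cd "$project_dir/src/libos/" || return
    make clean-builtin
    make
}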
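# Sign the built LibOS with sgx_sign, writing libocclum-libos.signed.so into
# working_dir.
# Globals:   working_dir, project_dir, SGX_SDK, enclave_key_pem_path,
#            enclave_conf_xml_path (read)
# Returns:   the status of cd, or of sgx_sign
sign_enclave_so() {
    cd "$working_dir" || return
    # Remove any earlier output first so a failed signing run cannot leave a
    # stale signed enclave behind that looks current.
    rm -f libocclum-libos.signed.so
    local enclave_so_path="$project_dir/src/libos/libocclum-libos.so"
    # Every path is quoted: an unquoted key or config path containing spaces
    # would be split into several sgx_sign arguments.
    "$SGX_SDK/bin/x64/sgx_sign" sign \
        -key "$enclave_key_pem_path" \
        -enclave "$enclave_so_path" \
        -out "libocclum-libos.signed.so" \
        -config "$enclave_conf_xml_path"
}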
# ===========================================================================
# Parse input arguments
# ===========================================================================
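# Reject arguments whose names do not carry the expected extension.
# "exit 255" is the status bash already produced for the former "exit -1".
if [[ $occlum_conf_json_path != *.json ]] ; then
    report_arg_error "Error: Expect a JSON file as the first argument!"
    exit 255
fi
if [[ $enclave_conf_xml_path != *.xml ]] ; then
    report_arg_error "Error: Expect a XML file as the second argument!"
    exit 255
fi
if [[ $enclave_key_pem_path != *.pem ]] ; then
    report_arg_error "Error: Expect a PEM file as the third argument!"
    exit 255
fi

# The suffix checks say nothing about whether the files exist. Check all three
# inputs before anything is generated, so a missing config or signing key is
# reported here and not after the protected config has already been written.
for input_path in "$occlum_conf_json_path" "$enclave_conf_xml_path" "$enclave_key_pem_path"; do
    if [[ ! -f $input_path || ! -r $input_path ]]; then
        report_arg_error "Error: Cannot read input file: $input_path"
        exit 255
    fi
done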
# ===========================================================================
# Build Occlum.json.protected and libocclum-libos.signed.so
# ===========================================================================
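# From here on, any failing top-level command aborts the script.
set -e

protect_occlum_json
echo "GEN => $protected_occlum_conf_json_path"

# "export VAR=$(cmd)" reports export's own status, and bash switches errexit
# off inside command substitutions, so a failed lookup would export an empty
# value and the build would carry on. Capture first, check, then export.
occlum_conf_file_mac=$(print_occlum_conf_file_mac) || occlum_conf_file_mac=
if [[ -z $occlum_conf_file_mac ]]; then
    echo "Error: failed to read the MAC of $protected_occlum_conf_json_path" >&2
    exit 1
fi
export OCCLUM_BUILTIN_CONF_FILE_MAC="$occlum_conf_file_mac"
echo "EXPORT => OCCLUM_BUILTIN_CONF_FILE_MAC = $OCCLUM_BUILTIN_CONF_FILE_MAC"

# Same pattern for the user-space size: refuse to build with an empty value.
occlum_user_space_size=$(print_occlum_user_space_size) || occlum_user_space_size=
if [[ -z $occlum_user_space_size ]]; then
    echo "Error: failed to read vm.user_space_size from $occlum_conf_json_path" >&2
    exit 1
fi
export OCCLUM_BUILTIN_VM_USER_SPACE_SIZE="$occlum_user_space_size"
echo "EXPORT => OCCLUM_BUILTIN_VM_USER_SPACE_SIZE = $OCCLUM_BUILTIN_VM_USER_SPACE_SIZE"

build_enclave_so

sign_enclave_so
echo "SIGN => libocclum-libos.signed.so"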